15946 matches found
Microsoft Patches Zero Day Browser Bug Under Active Attack
It’s a busy Patch Tuesday for Microsoft with a total of 20 critical vulnerabilities addressed in this February’s monthly security bulletin. Four bugs, rated important, were previously publicly known. Worse, Microsoft said a zero-day bug tied to its Internet Explorer browser, also rated important,...
SMBGhost RCE Exploit Threatens Corporate Networks
The release of a fully functional proof-of-concept PoC exploit for a critical, wormable remote code-execution RCE vulnerability in Windows could spark a wave of cyberattacks, the feds have warned. Microsoft patched the bug tracked as CVE-2020-0796 back in March; also known as SMBGhost or...
Wordpress Yellow Pencil Plugin Flaws Actively Exploited
The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several other recent plugin attacks the...
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 aka TA551 and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware. The development also speaks to the...
Attackers Target ProxyLogon Exploit to Install Cryptojacker
Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit...
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available...
Cisco IP Phone Harbors Critical RCE Flaw
Cisco is warning of a critical flaw in the web server of its IP phones. If exploited, the flaw could allow an unauthenticated, remote attacker to execute code with root privileges or launch a denial-of-service DoS attack. Proof-of-concept PoC exploit code has been posted on GitHub for the...
Microsoft Teams Patch Bypass Allows RCE
COVID-19 has spurred the use of videoconferencing for businesses worldwide – and this expanded threat surface has lured attackers like moths to a flame. Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a...
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat APT group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations ...
Manipulating Microsoft WSUS to Own Enterprises
LAS VEGAS – Windows Server Update Services WSUS is your friend, if you run an enterprise IT shop, because it facilitates the download and distribution of security patches, service pack installations and hardware driver updates among others. Two researchers this week at the Black Hat conference,...
Cyberespionage APT Now Identified as Three Separate Actors
A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found. TA410 is a cyberespionage umbrella group loosely link...
Public Exploit Released for Windows 10 Bug
Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...
FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign
After a few months of absence, the FELIXROOT backdoor malware has been spotted in a fresh malspam campaign. The campaign uses weaponized lure documents claiming to contain seminar information on environmental protection efforts. This backdoor has a range of functions, including the ability to...
Conti Ransomware V. 3, Including Decryptor, Leaked
Pro-Ukraine security researcher @ContiLeaks yesterday uploaded a fresher version of Conti ransomware than they had previously released – specifically, the source code for Conti Ransomware V3.0 – to VirusTotal. ContiLeaks posted a link to the code on Twitter. The code includes a compiled locker an...
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency. Click to Register! Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with...
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
Researchers are warning of a critical remote code-execution RCE flaw in the Windows version of Cisco Jabber, the networking company’s video-conferencing and instant-messaging application. Attackers can exploit the flaw merely by sending targets specially crafted messages – no user interaction...
3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on...
Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank
Three publicly-accessible cloud storage buckets from data management company Attunity leaked more than a terabyte of data from its top Fortune 100 customers – including internal business documents, system passwords, sensitive employee information. Israel-based Attunity, which was acquired by Qlik...
Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
UPDATE Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. The a patch for the vulnerability, tracked as CVE-2020-0796, is now rolling out to Windows 10 and Windows Server 2019 systems worldwide, according to Microsoft. On...
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws
Two high-severity flaws, discovered in a popular Fujitsu wireless keyboard set, could allow attackers from a short distance away to “eavesdrop” on passwords entered into the keyboards, or even fully takeover a victim’s system. Making matters worse, the impacted Fujitsu wireless keyboard LX390...
Microsoft Exchange Exploits Pave a Ransomware Path
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in earl...
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft. The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that...
High-Severity Cisco DoS Flaw Plagues Small-Business Switches
Cisco is warning of a high-severity flaw that could allow remote, unauthenticated attackers to cripple several of its popular small-business switches with denial of service DoS attacks. The vulnerability stems from the IPv6 packet processing engine in the switches. IPv6 also known as Internet...
Admins Urged to Patch Critical F5 Flaw Under Active Attack
Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks’ networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more. Last week, F5 Networks issued urgent patches for the critical remote...
PortDoor Espionage Malware Takes Aim at Russian Defense Sector
A previously undocumented backdoor malware, dubbed PortDoor, is being used by a probable Chinese advanced persistent threat actor APT to target the Russian defense sector, according to researchers. The Cybereason Nocturnus Team observed the cybercriminals specifically going after the Rubin Design...
Critical Magento Holes Open Online Shops to Code Execution
Two critical flaws in Magento – Adobe’s e-commerce platform that is commonly targeted by attackers like the Magecart threat group – could enable arbitrary code execution on affected systems. Retail is set to boom in the coming months – between this week’s Amazon Prime Day and November’s Black...
Netgear Zero-Day Allows Full Takeover of Dozens of Router Models
UPDATED Researchers this week said they discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said. Netgear has since issued several hot fixes, available here. The flaw, a memory-safety issue present in the...
Critical Sophos Security Bug Allows RCE on Firewalls
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects versio...
Smart Lock Turns Out to be Not So Smart, or Secure
Researchers are warning a keyless smart door lock made by U-tec, called Ultraloq, could allow attackers to track down where the device is being used and easily pick the lock – either virtually or physically. Ultraloq is a Bluetooth fingerprint and touchscreen door lock sold for about $200. It...
Death of the VPN: Enterprise Security Needs New Foundations
Introduced to the market nearly two decades ago, enterprise VPN technology has been uniquely enduring. Most large organizations still employ a VPN solution, and many seem to rely on it unquestioningly to provide secure remote access. It’s a rarefied position for a tool that hasn’t fundamentally...
Apache Tomcat Exploit Poised to Pounce, Stealing Files
A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept PoC exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for...
Complex Petya-Like Ransomware Outbreak Worse than WannaCry
Join Kaspersky Lab and Comae Technologies Thursday June 29, 2017 at 10 a.m. Eastern time for a webinar “The Inside Story of the Petya/ExPetr Ransomware.” Click here to attend. The attackers behind today’s global ransomware outbreak are spreading the malware using a modified version of the leaked...
Microsoft Patches Zero-Day Under Active Attack by APT
Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day CVE-2018-8453, found by Kaspersky Lab,...
NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
The legitimate remote access tool RAT called NetSupport Manager, used for troubleshooting and tech support, is being converted into a malicious weapon by cybercriminals. Researchers at Palo Alto Networks’ Unit 42 division have spotted a spam campaign attempting to deliver a malicious Microsoft Wo...
Thousands of IoT Devices Bricked By Silex Malware
A 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things devices – before abruptly shutting down his command and control server. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior security intelligence response engineer ...
Medtronic Defibrillators Have Critical Flaws, Warns DHS
The Department of Homeland Security has issued an emergency alert warning of critical flaws allowing attackers to tamper with several Medtronic medical devices, including defibrillators. The two vulnerabilities – comprised of a medium and critical-severity flaw – exist in 20 products made by the...
Staff Think Conti Group Is a Legit Employer – Podcast
Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Since then, researchers have been poring over the group’s secrets, including a massive trove of chat logs and other doxxed data, including source code for Conti ransomware, TrickBot malwar...
CISA Offers New Mitigation for PrintNightmare Bug
The U.S. government has stepped in to offer a mitigation for a critical remote code execution RCE vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it. To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Cent...
Google Chrome V8 Bug Allows Remote Code-Execution
Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution RCE within a user’s browser. The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from...
New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT...
Malicious PyPI Code Packages Rack Up Thousands of Downloads
Three malicious packages hosted in the Python Package Index PyPI code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into installations in various applications. Independent researcher Andrew Scott found the packages during a nearly...
New Ransomware Gangs Haron & BlackMatter Are After Fat Cats
So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with. The first new group to appear this month was Haron, and the second is named BlackMatter. As Ars Technica‘s Dan...
Ke3chang APT Linked to Previously Undocumented Backdoor
The Ke3chang cyberespionage group, a.k.a. APT15, Mirage, Playful Dragon or Vixen Panda, has been tied to a backdoor called Okrum that has been used to target diplomatic missions throughout Europe and Latin America. The attribution widens the scope of known Ke3chang activity, an APT believed to be...
‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps
For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...
Moobot Milks Tenda Router Bugs for Propagation
A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers. It turns out that it was being pushed out from a new cyber-underground malware domain, known as Cyberium...
Election Systems Under Attack via Microsoft Zerologon Exploits
U.S. government officials have warned that advanced persistent threat actors APTs are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems. Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively...
Zoom Addresses Vanity URL Zero-Day
A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the “Vanity URL”...
Podcast: Dating App Privacy and NASA Cyberattack
Beyond the regular drumbeat of security vulnerabilities and patches this week, a slew of stories covered varying topics ranging from NASA to Tinder. The Threatpost team broke down the most interesting stories of the week, including: A ransomware webinar hosted by Threatpost editor Tara Seals, whi...
Critical GitLab Flaw Earns Bounty Hunter $20K
A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23. It was then disclosed...
Code Used in Zero Day Huawei Router Attack Made Public
Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or...